Compliance — Deep Reference (Gated)
Gated content notice. This page is part of the gated reference surface. Distribution restricted by NDA. Do not mirror to public channels.
Edition gate
Requires NextPDF Pro. Get a license.
License feature flag
No per-feature license flag. The Pro edition gates the code.
Behavior contract
The module has three independent surfaces.
Language-tag reporting. LangComplianceReporter emits one structured JSON record per PDF/UA-2 language-tag event. Each record carries the event discriminator, a severity (warn for lax-mode reject, error for strict-mode reject), the offending tag, a machine-readable reason, the parsed tag components, an ISO 14289-2 §8.4.4 clause reference, and a UTC timestamp. ConformancePolicy is a Premium facade. Its default policy applies strict UA-2 language handling and rejects a malformed or unregistered tag reaching /Lang. An opt-out helper (ConformancePolicy::withStrictUa2(false)) reverts to the legacy lax behavior and logs a notice when used. NextPDF marks that helper deprecated; use the strict default instead. The helper exists since v5.0 and goes away in the next major release. To migrate: audit the corpus for malformed /Lang values, correct them, then drop the opt-out call so the strict default applies.
E-invoice handling. EInvoiceValidator checks a hybrid PDF against the EN 16931 semantic model and the Factur-X 1.08 / ZUGFeRD 2.4 container specification. It detects the profile, runs the EN 16931 business-rule engine and a Schematron pass, and returns an EInvoiceValidationResult with profile, syntax, rule violations, and PDF/A-3 + attachment-spec checks. A well-formed non-Factur-X PDF returns a “not an e-invoice” result rather than throwing; I/O or malformed-structure errors throw an e-invoice exception. FacturXEmbedder produces a hybrid PDF/A-3 document with the Factur-X XML attached via the /AF array and the embedded-files name tree, with a configurable /AFRelationship.
Provenance. C2paManifestEmbedder embeds a caller-supplied C2PA manifest store into a PDF byte string, or extracts one. ManifestStore is the immutable value object that crosses the boundary. The seam does not synthesize claims, ingest URI references, or resolve hash bindings; it performs no network or filesystem I/O and returns null on an extract miss.
This module reports what it checks. It does not certify a document, make it legally binding, or guarantee that any output satisfies a regulation. The e-invoice validator is not a tax-authority validator and excludes national extensions (for example Italian SDI, French Chorus Pro, German XRechnung). As EN 16931-1 states, the invoice issuer remains responsible for meeting the rules of relevant legislation. Support for a standard is not conformance to it. Consult your compliance team for regulatory sufficiency.
Public API surface
composer require nextpdf/pro:^3| Class | Key members |
|---|---|
LangComplianceReporter | emits structured language-tag event records |
ConformancePolicy | strict UA-2 facade; lax opt-out deprecated — migrate to the strict default (removed in next major) |
EInvoiceValidator | validateFile(string $pdfPath): EInvoiceValidationResult |
EInvoiceValidationResult | profile, syntax, businessRuleViolations, pdfA3Compliant, attachmentSpecCompliant, embeddedXmlSha256 |
EInvoiceProfile, EInvoiceSyntax, BusinessRuleViolation, BusinessRuleSeverity | result enums and DTOs |
FacturXEmbedder, FacturXEmbedderOptions | hybrid PDF/A-3 + Factur-X embedding |
C2paManifestEmbedder, ManifestStore | C2PA manifest store embed / extract |
Conformance
| Behavior | Reference | Status |
|---|---|---|
Natural-language declaration (/Lang) | ISO 14289-2:2024 §8.4.4 | Checked / reported |
| Core invoice semantic model | EN 16931-1:2026 | Checked (issuer remains responsible) |
| C2PA manifest store / JUMBF | C2PA 2.1 §11.1 | Embed / extract supported |
This records the specifications the module is built against and what it checks. It is not a statement of certification or regulatory sufficiency.
Edge cases & FIPS-mode behavior
- A well-formed non-Factur-X PDF returns a “not an e-invoice” result; it does not throw.
- An empty business-rule violation list does not by itself mean the document is valid; wrapper and attachment checks also apply.
- NextPDF deprecates the strict UA-2 lax opt-out; migrate to the strict default (see Behavior contract). It goes away in the next major release.
- This module does not perform cryptographic signing. C2PA claim signing and key custody are out of scope; see the Security module for FIPS-mode signing behavior.